Software vulnerability is a major risk factor associated with today's cyber attacks.
The software vulnerability is a major problem in typical networks. This would especially be so in a network including a large number of homogeneous terminal devices, for instance, in a control network with a high proportion of devices having same defects. Moreover, breakdown of such a control network poses more serious threats in that the functions of social infrastructures, such as transmission and distribution of electricity, traffic systems and production facilities, would be lost.
As to security of the control network, in addition to data confidentiality and integrity that are required in view of billing and privacy information protection, availability and reliability are strongly demanded. The former (confidentiality) is achieved by applying end-to-end security, such as SSL. The latter (integrity) is achieved by applying techniques of isolation from a general network, such as wireless LAN security and a virtual private network (VPN).
Conventionally, a control network has been physically isolated so as to avoid adverse effects of traffic or attacks from another terminal, in particular an unauthorized terminal. In power distribution networks and sensor networks, a part of its public network is increasingly configured as a virtual private network (VPN) to exclude connection from an unauthorized terminal. In addition to such isolation, a basic practice for control network security is to concurrently use end-to-end security, such as SSL, which is common in a public network.
In both of such isolation and end-to-end security, the core of supporting a cryptographic process and access control for implementation thereof is system software (and partially, cryptographic hardware).
The software vulnerability becomes a large problem when the system software is targeted for falsification. Falsified system software leads to the impairment of not only applicational functions, such as data collection and control procedures, but also both the function related to the confidentiality and the isolation function.
If a terminal in the control network is intruded owing to software vulnerability, the same cryptographic process and access control functions of the system software may be impaired for both the isolation (e.g., an authentication process of wireless LAN security) and the end-to-end security (e.g., an authentication process for billing application). This may further lead to leakage of a secret key.
System software update is essential for correction (prevention and recovery) of software vulnerability. However, such system software update is generally intended for prevention, and the system software which is normally operating is prerequisite. A large-scale intrusion into the network will be addressed by a network administrator who partially isolates the network or other operations, and eventually software of each device will manually be updated through a maintenance interface of the device, and not through the network. This, however, requires many field service engineers, and is costly.